Exam CS0-002
Question 279

An organization has been seeing increased levels of malicious traffic. A security analyst wants to take a more proactive approach to identify the threats that are acting against the organization's network. Which of the following approaches should the security analyst recommend?

    Correct Answer: A

    Using the MITRE ATT&CK framework to develop threat models is the recommended approach for proactively identifying the threats acting against the organization's network. The MITRE ATT&CK framework provides a comprehensive knowledge base of adversary tactics and techniques based on real-world observations. This structured approach allows security analysts to anticipate potential threats, understand the tactics and techniques used by attackers, and develop effective defense strategies before an attack occurs. This proactive identification and understanding of possible threats aligns well with the need to address increased levels of malicious traffic.

Discussion
db97 (Option: B)

https://www.examtopics.com/discussions/comptia/view/69696-exam-cs0-002-topic-1-question-212-discussion/

Kashim (Option: B)

"Proactive approach to identify the threats" is the definition of threat hunting, so the answer is B.

G_f_b (Option: A)

Saw a comment that AI said B, but GPT says A: A. Using the MITRE ATT&CK framework to develop threat models is the BEST approach the security analyst should recommend to identify the threats that are acting against the organization's network in a more proactive manner. The MITRE ATT&CK framework is a comprehensive knowledge base of adversary tactics and techniques based on real-world observations of cyberattacks. It provides a structured and systematic approach to developing threat models by identifying the various tactics and techniques that an adversary may use to carry out an attack. By using the MITRE ATT&CK framework, the security analyst can gain a better understanding of the potential threats and develop a proactive approach to detect and respond to them. Conducting internal threat research and establishing indicators of compromise (Option B) can also be an effective approach to identifying threats; however, it is a more reactive approach and may not be as proactive as using the MITRE ATT&CK framework.

Sam_0735 (Option: B)

According to AI, the most appropriate answer is B. Conducting internal threat research will help the analyst identify the types of threats that are currently directed at the organization, better understand attack patterns, and establish indicators of compromise (IoCs) based on this data. These IoCs can then be used to detect threats in the future, as well as to adjust security strategies. The other options are not as proactive and do not fully identify current threats.

gnnggnnggnng (Option: A)

I chose A, Use the MITRE ATT&CK framework to develop threat models, because it is the most comprehensive and proactive approach to identifying the threats that are acting against an organization's network. The MITRE ATT&CK framework is a comprehensive knowledge base of tactics, techniques, and procedures used by threat actors. By using this framework to develop threat models, security analysts can identify potential threats, assess the risk they pose, and develop mitigation strategies to prevent or minimize the impact of an attack.

Sleezyglizzy (Option: A)

A. It was not B on the last dump, so it wouldn't be it now.

kiduuu (Option: A)

With the MITRE ATT&CK framework the security analyst can identify potential attack vectors and understand the tactics and techniques used by threat actors. This approach can help the organization proactively identify and prevent attacks before they occur. Conducting internal threat research and establishing indicators of compromise IS a REACTIVE approach that is NOT proactive. It is more focused on responding to incidents after they occur, rather than preventing them from occurring in the first place.

HereToStudy (Option: A)

I'm going with A. B is reactive.

khrid4 (Option: B)

The only information we have is increased levels of malicious traffic. Too early to map TTPs onto the MITRE ATT&CK framework, in my opinion. In any case, if you are in the field, most likely threat research will always be part of it.

Henry88 (Option: A)

Keyword: "Proactive". Threat hunting is the only answer here that is proactive.

Henry88

Edit: I meant B, not A.

TheStudiousPeepz (Option: A)

Because the comment was too short, it's A.

mraval (Option: A)

A is the correct answer. The question is asking what the analyst wanted: to identify the type of threat, not IoCs inside the organization. A is definitely the correct answer.

zecomeia_007 (Option: B)

ATT&CK is valuable for understanding attacker behavior; it's a foundational tool. It won't directly identify ongoing threats in the organization's network.

novolyus (Option: B)

If you want to identify threats, you need threat research.

grelaman (Option: B)

The security analyst wants to take a proactive approach to identify the threats, which suggests that they are not yet known. So the analyst can perform the following techniques:

- Threat hunting: this involves actively searching for indicators of compromise (IOCs), unusual behaviors, and hidden threats within the organization's network; or
- Threat intelligence: this involves gathering and analyzing information about known and emerging threats to improve the organization's security posture.

grelaman

Why not A? Because MITRE ATT&CK is a threat model, and threat modeling is a valuable tool for understanding the threats that an organization faces, but it is not a proactive approach to detecting threats that you have not identified yet.

Dany_Suarez (Option: A)

CompTIA guide says: Threat hunting utilizes insights gained from threat research and threat modeling to proactively discover whether there is evidence of TTPs already present within the network or system. This contrasts with a reactive process that is only triggered when alert conditions are reported through an incident management system.

kyky (Option: A)

A. Use the MITRE ATT&CK framework to develop threat models. The security analyst should recommend using the MITRE ATT&CK framework to develop threat models. The MITRE ATT&CK framework is a comprehensive knowledge base that catalogs and organizes different techniques and tactics used by threat actors during various stages of a cyberattack. By using this framework, organizations can proactively identify and understand potential threats and develop effective defense strategies. The framework provides a structured approach to mapping and analyzing attack techniques, enabling security teams to stay ahead of evolving threats and improve their overall security posture.